Latest Activity

Messieurs les contrôleurs de la SNCF vous faites un beau métier
14 hours ago

By Olivier Lamy
Pour nos vacances en France, nous avons choisi de passer une semaine en Bretagne (cela tombe à point c'est la canicule à Paris).
En fait non, il n'y a rien d'improvisé et les billets ont été réservés et PAYES il y a près de deux mois par internet (ce point est important dans la suite du post).
Le train part donc de Paris Montparnasse à 10:04 ce mardi 30 Juin 2015. Depuis le début de nos vacances, nous avions prévu de rendre notre voiture ...
Continue reading →

An STS JAAS LoginModule for Apache CXF
2 days ago

By Colm O hEigeartaigh
Last year I blogged about how to use JAAS with Apache CXF, and the different LoginModules that were available. Recently, I wrote another article about using a JDBC LoginModule with CXF. This article will cover a relatively new JAAS LoginModule  added to CXF for the 3.0.3 release. It allows a service to dispatch a Username and Password to a STS (Security Token Service) instance for authentication via the WS-Trust protocol, and also to retrieve ...
Continue reading →

Apache Karaf Tutorial part 10 - Declarative services
2 days ago

By Christian Schneider

Blog post edited by Christian Schneider

This tutorial shows how to use Declarative Services together with the new Aries JPA 2.0.

You can find the full source code on github Karaf-Tutorial/tasklist-ds

Declarative Services

Declarative Services (DS) is the biggest contender to blueprint. It is a slim service injection framework that is completely focused on OSGi. DS allows you to ...


Continue reading →

Apache Karaf Tutorial Part 8 - Distributed OSGi
2 days ago

By Christian Schneider

Blog post edited by Christian Schneider - "Updated to karaf 3.0.3 and cxf dosgi 1.6.0"

By default OSGi services are only visible and accessible in the OSGi container where they are published. Distributed OSGi allows to define services in one container and use them in some other (even over machine boundaries).

For this tutorial we use the DOSGi sub project of CXF which ...


Continue reading →

A new Crypto implementation in Apache WSS4J
2 days ago

By Colm O hEigeartaigh
Apache WSS4J uses the Crypto interface to get keys and certificates for asymmetric encryption/decryption and signature creation/verification. In addition, it also takes care of verifying trust in an X.509 certificate used to sign some portion of the message. WSS4J currently ships with three Crypto implementations:
  • Merlin: The standard implementation, based around two JDK keystores for key/cert retrieval, and trust verification.
  • CertificateStore: Holds ...

Continue reading →

Using AWS KMS with Apache CXF to secure passwords
6 days ago

By Colm O hEigeartaigh
The previous tutorial showed how the AWS Key Management Service (KMS) can be used to generate symmetric encryption keys that can be used with WS-Security to encrypt and decrypt a service request using Apache CXF. It is also possible to use the KMS to secure keystore passwords for asymmetric encryption and signature, that are typically stored in properties files when using WS-Security with Apache CXF.

1) Encrypting passwords in a Crypto properties file

...
Continue reading →

Integrating AWS Key Management Service with Apache CXF
1 week ago

By Colm O hEigeartaigh
Apache CXF supports a wide range of standards designed to help you secure a web service request, from WS-Security for SOAP requests, to XML Security and JWS/JWE for XML/JSON REST requests. All of these standards provide for using symmetric keys to encrypt requests, and then using a master key (typically a public key associated with an X.509 certificate) to encrypt the symmetric key, embedding this information somewhere in the request. The usual ...
Continue reading →

Using a JDBC JAAS LoginModule with Apache CXF
1 week ago

By Colm O hEigeartaigh
Last year I wrote a blog entry giving an overview of the different ways that you can use JAAS with Apache CXF for authenticating and authorizing web service calls. I also covered some different login modules and linked to samples for authenticating a Username + Password to LDAP, as well as Kerberos Tokens to a KDC. This article covers how to use JAAS with Apache CXF to authenticate a Username + Password to a database via JDBC.

The test-case is ...
Continue reading →

Apache CXF Fediz 1.2.0 tutorial - part II
2 weeks ago

By Colm O hEigeartaigh
This is the second in a series of blog posts on the new features and changes in Apache CXF Fediz 1.2.0. The previous blog entry gave instructions about how to deploy the Fediz IdP and a sample service application in Apache Tomcat. This article describes how different client authentication methods are supported in the IdP, and how they can be selected by the service via the "wauth" parameter. Then we will extend the previous tutorial by showing how to ...
Continue reading →

Apache CXF Fediz 1.2.0 tutorial - part I
3 weeks ago

By Colm O hEigeartaigh
The previous blog entry gave an overview of the new features in Apache CXF Fediz 1.2.0. This post first focuses on setting up and running the IdP (Identity Provider) and the sample simpleWebapp in Apache Tomcat.

1) Deploying the 1.2.0 Fediz IdP in Apache Tomcat

Download Fediz 1.2.0 and extract it to a new directory (${fediz.home}). We will use a Apache Tomcat 7 container to host the Idp. To deploy the IdP to Tomcat:
  • Create a new directory: ...

Continue reading →

Enterprise ready request logging with CXF 3.1.0 and elastic search
3 weeks ago

By Christian Schneider

Blog post added by Christian Schneider

You may already know the CXF LoggingFeature. You used it like this:

Old CXF LoggingFeature <jaxws:endpoint ...> <jaxws:features> <bean class="org.apache.cxf.ext.logging.LoggingFeature"/> </jaxws:features> </jaxws:endpoint>

It allowed to add logging to a CXF endpoint at ...


Continue reading →

Apache CXF Fediz 1.2.0 tutorial - overview
1 month ago

By Colm O hEigeartaigh
Apache CXF Fediz 1.2.0 has been released. Fediz is a subproject of the Apache CXF web services stack. It is an implementation of the WS-Federation Passive Requestor Profile for SSO that supports Claims Based Access Control. In laymans terms, Fediz allows you to implement Single Sign On (SSO) for your web application, by redirecting the client browser to an Identity Provider (IdP), where the client is authenticated and redirected back to the ...
Continue reading →

SAML SSO RP Metadata support in Apache CXF
1 month ago

By Colm O hEigeartaigh
Apache CXF provides comprehensive support for SSO using the SAML Web SSO profile for CXF-based JAX-RS services. In Apache CXF 3.1.0 (and 3.0.5), a new Metadata service is available to allow for the publishing of SAML SSO Metadata for a given service.

The MetadataService class is available on a "metadata" path and provides a single @GET method that returns the service metadata in XML format. It has the following properties which should be configured:
  • ...

Continue reading →

Apache CXF 3.1.0 released
1 month ago

By Colm O hEigeartaigh
Apache CXF 3.1.0 has been released and is available for download. The migration guide for CXF 3.1.x is available here. The main (non-security) features of CXF 3.1.0 are as follows:
  • Java 6 is no longer supported.
  • Jetty 9 is now supported. Support for Jetty 7 has been dropped.
  • A new Metrics feature for collecting metrics about CXF services is available. 
  • A new Throttling feature is available for easily throttling CXF services.
  • A new Logging feature is ...

Continue reading →

Apache WSS4J 2.0.4 released
1 month ago

By Colm O hEigeartaigh
In addition to the new major release of Apache WSS4J (2.1.0), there is a new bug fix release available - Apache WSS4J 2.0.4. Here are the most important bugs that were fixed in this release:
  • We now support the InclusiveC14N policy.
  • We can enforce that a Timestamp has an "Expires" Element via configuration, if desired.
  • There is a slight modification to how we cache signed Timestamps, to allow for the scenario of two Signatures in a security header that ...

Continue reading →

Apache WSS4J 2.1.0 released
1 month ago

By Colm O hEigeartaigh
A new major release of Apache WSS4J, 2.1.0, has been released. The previous major release of almost a year ago, Apache WSS4J 2.0.0, had a lot of substantial changes (see the migration guide), such as a new set of maven modules, a new streaming implementation, changes to configuration tags, package changes for CallbackHandlers, etc. In contrast, WSS4J 2.1.0 has a much smaller set of changes, and users should be able to upgrade with very few changes ...
Continue reading →

The Rise Of Apache Tika
1 month ago

By Sergey Beryozkin
Apache Tika is an interesting project. It is not a very big one but IMHO it is poised to become the project every team serious about doing the complex, unstructured, binary content processing will talk about and use.

The power of Apache Tika lies in the simplicity it offers for processing different types of binary and other types of complex data. Consider a simple situation: your project needs to support analyzing PDF files. One approach is to write ...
Continue reading →

Opend Id Connect Certification Strategy
2 months ago

By Sergey Beryozkin
I've just read about an OpenId Connect Certification open strategy. IMHO it is brilliant and no doubt will guarantee a wider adoption of OIDC. Mike Jones's explanation of why it will work is a good read.

The closed (payed-only) certification model limits the adoption of a given technology by the
Continue reading →

[OT] Apache CXF is Electric !
2 months ago

By Sergey Beryozkin
I remember this day as it was yesterday. April or March of 1998. I'm in England, Stockport city centre, listening to Oasis's latest single. It was absolutely great, the energizing effect of it.

As it happens I haven't listened to Oasis for the next 17 years apart from hearing them occasionally on the local FM. But a month or so back, I finally got their disk.

"She is Electric" is one of the best songs, classical Oasis. Nearly every time I listen to it ...
Continue reading →

Apache Santuario - XML Security for Java 2.0.4 released
2 months ago

By Colm O hEigeartaigh
Apache Santuario - XML Security for Java 2.0.4 has been released. The issues fixed are available here. Perhaps the most significant issue fixed is an interop issue which emerged when XML Security is used with OpenSAML (see the Apache CXF JIRA where this was
Continue reading →
More Articles (+10)

Pages

Subscribe to Talend Community Coders aggregator